SDL

There are 3 entries for the tag SDL

XSSDetect Public Beta

Today I read about this cool plug-in for Visual Studio 05. It detects all the XSS problems in your ASP.NET web application. You can download it here.

Tags: Security, SDL

Security

In my Italian blog version I'm posting some chapter summaries about SDL: The Security Development LifeCycle. You can find something like my summaries, and better than mine, in the following blogs: .NET Security Blog; The Security Development LifeCycle.

I think that the security topic is the hottest point of the new application era, and I think that the more the applications will be linked with each other (to share data and processes), the more security will be a key point of software development in the...

STRIDE

Determine Threat Types. What is STRIDE? STRIDE is a taxonomy used in Microsoft to identify a threat. STRIDE means:

Spoofing Identity: The concept of spoofing identity is allowing unprivileged code to use someone else's identity, and hence, their security credentials. For example, a driver that uses some form of a password mechanism is subject to this type of attack. Not all such drivers have security flaws, although they are vulnerable to security flaws based on spoofing identity. The designers and implementers of the driver need to evaluate the level of...